The protection of your personal data is important to us. Therefore, we wish to describe the contact options and ways of obtaining and processing personal data relating to data subjects as simply and accurately as possible.In the following, we provide you the contact details of our data protection officer as well as information on how to contact us in encrypted form. Then we will define the legal and technical terms used in the following text. Afterwards you will get an overview of the rights of the data subject. Following this, you will find information on the controller. Finally, we will detail the technologies and services used as well as our handling.
Should you have any questions or wish to obtain information, please do not hesitate to contact our external data protection officer at any time. The contact details are:
Oliver Offenburger, M.Sc.
Divison Data Protection
T +49 7721 69724-00
F +49 7721 69724-01
Our preferred form of contact is via e-mail. However, you can also contact our data protection officer by post or by telephone. If you wish to encrypt your e-mail to our data protection officer, we advise you to read the following section.
Guidelines for enquiries:
When sending an enquiry per e-mail within regular business hours, we will confirm receipt of your message on the same day. If you do not receive such confirmation, please contact us by telephone. When sending an enquiry per post, we will post confirmation of receipt of your message on the day that we receive your enquiry, at the latest on the next day. If you do not receive such confirmation, please contact us by telephone. If you wish to make an enquiry by telephone, we would ask you to contact our data protection partner, eye-i4 GmbH, directly by telephone.
1.1 Encryption of e-mails to our data protection officer
We support an encrypted transmission via e-mail. Therefore, we provide you with the possibility to encrypt your enquiries to the data protection officer in order to maintain confidentiality and integrity. We use PGP for encryption. Information about free usage options and installation can be found on the website of our data protection partner. You can download our PGP key using the following link: PGP KEY If you wish to verify the fingerprint, please contact our data protection partner, eye-i4 GmbH, by telephone. Should you have any further questions regarding encryption, please contact our data protection officer.
Before going into details on legal issues we would first like to define the associated terms::
2.1 2.1 EU-GDPR (also referred to as GDPR)
The term EU-GDPR (hereinafter also referred to as "GDPR") refers to the basic data protection regulation. It is a basic regulation of the European Union which regulates how personal data may be processed. For information, legislative text of the GDPR can be checked out via the following link:
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.3 Personal data and data subject “Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.5 Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
2.8 Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.10 Personal data breach
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
2.11 Data concerning health
“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
“Enterprise” means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
2.13 Supervisory authority
“Supervisory authority” means an independent public authority which is established by a Member State pursuant to Article 51.
2.14 Relevant and reasoned objection
“Relevant and reasoned objection” means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
Before going into details on technical issues we would first like to define the associated terms:
3.1 File system
“File system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
Cookies are text files which are saved by a website on your local file system using your browser. These text files may be intended to realise technical matters like shopping cart mechanisms or to identify your visitor behaviour. For this purpose, the text files can be provided with identification features and additional information. You have the possibility to inhibit the browser of your terminal from saving any cookies. If cookies are deactivated, there may be technical restrictions when using a website.
3.3 Server logs
Server logs are log files that are compiled by the web server and record access to a website. Considerable information can be collected in a log entry, e.g. time of access, type of browser, IP address of visitor, etc.
The referrer designates the website from which the visitor has gained access to the website of the controller. Information about, for example, the referrer, can be obtained from the server logs.
The rights of the data subjects are specified in the GDPR and the respective national legislation on data protection. If you want to assert your rights, please contact our data protection officer using the contact details specified at the beginning. In the following we would like to inform you of your rights arising from the GDPR, particularly from chapter 3:
4.1 Information obligation
The data subject shall have a right to obtain information on the personal data stored, if the data were collected from the data subject or if the data were not obtained from the data subject. This is regulated by chapter 3 Art. 13 and Art. 14 GDPR.
4.2 Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data and information according to GDPR Art. 15.
4.3 Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4.4 Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds pursuant to Art. 17 GDPR applies.
4.5 Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the prerequisites pursuant to Art. 18 GDPR applies.
4.6 Notification obligation
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with GDPR Art. 16, Art. 17(1) and Art. 18 to each recipient to whom the personal data have been disclosed unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
4.7 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
4.8 Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
4.9 Complaint with a supervisory authority
Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. For this purpose you can approach the supervisory authority of your habitual residence, place of work or the controller’s place of business. Our competent supervisory authority is: Landesbeauftragte für den Datenschutz und die Informationsfreiheit (state commissioner for data protection and freedom of information), Stuttgart
The controller according to Art. 24 GDPR is:
Hohner Maschinenbau GmbH, Gänsäcker 19, 78532 Tuttlingen
Further information on the controller is provided in the imprint.
6.1 Encryption of data transmission
We use the SSL (Secure Socket Layer) method to encrypt the transmission and request of data to our website. For this purpose we use a 128-bit key with SHA256 hash. Besides we employ suitable technical and organisational safety measures to protect your data against any accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our safety measures are continuously improved in accordance with the technological development.
6.2 Server logs
When using our website merely to obtain information, i.e. when you do not register with us or transmit information to us in any other way, we collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which we require technically in order to display our website to you and guarantee stability and security (GDPR Art. 6, 1(f) is the legal basis for this):
Cookies are stored on your computer when using our website. You can configure your browser settings according to your wishes and reject the acceptance of third-party cookies, for instance, or all cookies. We would like to point out that you might not be able to use all the functions of this website. This website uses the following types of cookies, the scope and functionality of which are explained in the following:
- Transiente cookies,
- Persistente cookies.
6.2.1 Transiente Cookies
Transient cookies are automatically deleted when you close the browser. These include particularly the session cookies. They store a so-called session ID by which different requests from your browser can be matched with the joint session. In this way your computer can be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
6.2.2 Persistente Cookies
Persistent cookies are automatically deleted after a specified period which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
6.3 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google in member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.
This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is immediately deleted.
We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield,
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user terms and conditions:
6.7 Google Maps
On this website we use the offer of Google Maps. In this way we can directly display interactive maps in the website for you and enable you to use the comfortable map function.
By visiting the website, Google receives the information that you viewed the respective sub-page of our website. This happens regardless of whether Google provides a user account via which you are logged in or whether there is no user account. If you are logged in with Google, your data are directly assigned to your account. If you do not want Google to assign this information to your profile, you must log out before activating the button. Google saves your data as a usage profile and uses them for the purpose of advertising, market research and/or need-based design of their website. The data are evaluated particularly (also for unlogged users) in order to provide need-based advertisements and to inform other users of the social network about their activities on our website. You have a right of objection to the formation of these user profiles, where you have to address yourself to Google in order to assert this right.
Further information on the purpose and scope of data collection and data processing carried out by the plug-in provider is available in the data privacy statements of this provider. There you can also obtain further information on your rights in this respect and setting options in order to protect your privacy: www.google.de/intl/de/policies/privacy. Google processes your personal data also in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
6.8. Google Font API
This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f of GDPR. If your browser does not support web fonts, a default font will be used by your computer.
For more information about Google Web Fonts, kindly refer https://developers.google.com/fonts/faq and Google's data privacy statement: http://www.google.com/policies/privacy
We have included YouTube videos in our online offerings; the videos are stored at https://www.youtube.com and can be played directly from our website. When visiting our website, YouTube obtains information to the effect that you have called up the corresponding subpage on our website. Additionally, the data mentioned in § 3 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account via which you are logged in or whether there is no user account. If you are logged in with Google, your data is directly assigned to your account. If you do not want YouTube to assign this information to your profile, you must log out before activating the button. YouTube saves your data as a usage profile and uses them for the purpose of advertising, market research and/or need-based design of their website. Such an evaluation is done in particular (even for users who are not logged in) to need- provide based advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these user profiles; you have to address yourself to YouTube in order to assert this right.
In addition to our website, we use other online presences and digital channels such as social media to get in touch with our prospects and customers. We list these below.
We use Facebook (Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and its functionality for a social media site and groups to present the company and communicate with various interested parties. In the case of Facebook, there is a shared responsibility between Facebook and us. Information about this can be found here: https://www.facebook.com/legal/terms/page_controller_addendum
We would like to point out that the rights of affected parties can be asserted directly against Facebook. Only Facebook holds the direct data of the users and can give a full statement about this.
Information on fan pages can be found especially at this link: https://www.facebook.com/legal/terms/information_about_page_insights_data
Please use the following link for the opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.
Facebook has submitted to the EU-US Privacy Shield. Please refer to this link for more information: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
We use contact forms on our website. The processing of the data is based on the fulfilment of the contract according to art. 6 para. 1 lit. b GDPR. If your inquiry is not in connection with an assignment on our part, we may also process your data on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
9. Duration of storage
Unless specifically stated, we store personal data for as long as it is necessary to fulfil the purposes pursued. If the legislator prescribes retention periods, the data will continue to be stored by us for verification purposes but will not be processed in any other way and will be deleted after expiry of the statutory retention period.
10. Transfer to third parties
Transfer of your personal data to third parties other than for the purposes listed below shall not take place. We shall only transfer your personal data to third parties if: